27 个仓库
Configuration guides for security-focused response headers.
Distinguishing note: Focuses on browser-enforced security via HTTP headers.
Explore 27 awesome GitHub repositories matching security & cryptography · HTTP Security Headers. Refine with filters or upvote what's useful.
The OWASP Cheat Sheet Series is a comprehensive, community-driven repository of concise security best practices and defensive coding patterns. It serves as a centralized knowledge base for developers and security professionals, providing actionable guidance to secure applications across the entire software development lifecycle. The project covers a vast array of security domains, ranging from fundamental web application hardening and authentication protocols to specialized controls for modern infrastructure and artificial intelligence systems. What distinguishes this project is its decentral
Configures security-focused response headers to enforce protective browser policies.
This project is a lightweight Node.js web server and command-line tool designed for hosting static assets and delivering local files over HTTP. It functions as a static site host that provides a minimal environment for serving HTML, CSS, and JavaScript files to web browsers. The server includes built-in support for TLS encryption to enable secure HTTPS access and allows for the configuration of cross-origin resource sharing headers. It also features basic authentication to restrict folder access via username and password verification. The system manages content delivery through browser cache
Injects standard HTTP caching headers into responses based on user-defined expiration settings.
This project is a comprehensive library of reusable configuration patterns for the Apache web server. It provides a collection of server-side directives designed to manage security, performance, and request routing through decentralized configuration files. The repository serves as a reference for implementing server-level settings without requiring global restarts. It includes specialized patterns for enforcing secure connections, managing cross-origin resource sharing, and protecting sensitive system files from public exposure. Users can leverage these snippets to implement clickjacking pro
Serves as a reference for implementing security headers to mitigate common web vulnerabilities.
Helmet is an Express.js middleware library that sets a comprehensive collection of HTTP security headers to protect web applications from common vulnerabilities like cross-site scripting and clickjacking. At its core, it provides a configurable middleware system for injecting security headers into HTTP responses, with a primary focus on Content Security Policy configuration through custom directives and report-only testing modes. The library distinguishes itself through a flexible configuration surface that supports method chaining for composing multiple headers in a single expression, as wel
Sets a comprehensive set of HTTP response headers to harden web application security.
Bunkerized Nginx is a containerized security automation system that provides a secure reverse proxy and web application firewall. It focuses on protecting web applications by monitoring container labels within cloud-native orchestration systems to automatically update security settings and firewall rules. The system distinguishes itself through automated security operations, including the automatic management of SSL certificates and an automated client banning mechanism that blocks IP addresses based on HTTP status codes. It features bot challenge mechanisms using CAPTCHAs, JavaScript, or coo
Implements security-focused HTTP response headers and tightens TLS settings to reduce the attack surface.
This repository contains the HTML specification, which defines the core standards for web page structuring, content organization, and document rendering. It establishes the fundamental algorithms for state-machine-based tokenization, tree construction for the document object model, and origin-based security isolation. The specification provides a framework for defining custom elements with independent lifecycles and registries. It also details the requirements for cross-document communication, session history management, and the synchronization of interface properties with content attributes.
Uses HTTP response headers to enforce cross-origin policies and embedding restrictions.
Eve is a REST API framework that maps database collections to web resources through declarative configuration files. It functions as a database-to-API mapper, automatically exposing data as RESTful endpoints with built-in support for CRUD operations and schema-based request validation. The project distinguishes itself through a HATEOAS API engine that generates hypermedia links and resource schemas for dynamic client discovery. It also includes an automated Swagger documentation generator that produces interactive specifications for client SDK generation and testing. The framework provides a
Sets global and resource-specific HTTP cache control headers and expiration times to manage response revalidation.
cloudscraper is a Python library designed to bypass Cloudflare anti-bot protections by resolving JavaScript challenges and mimicking browser fingerprints. It functions as a specialized tool for accessing websites that employ automated security systems to block scripts and headless browsers. The project differentiates itself through the use of interchangeable JavaScript runtimes, such as Node.js or V8, to execute challenge code and obtain security clearance tokens. It employs a fingerprint rotation engine and HTTP request emulation to rotate browser headers and device identifiers, mimicking hu
Manipulates HTTP Host headers to control how the client identifies itself during network handshakes.
FileBrowser is an open-source, self-hosted file management interface that runs as a single binary with no external dependencies. It provides a web-based interface for browsing, uploading, editing, and sharing files on a remote server, with a core architecture built on JWT-based stateless authentication and a rule-based path permission engine that controls access at the directory level. The project distinguishes itself through a comprehensive access control system that supports multi-provider authentication including OIDC, LDAP, external JWT, and two-factor authentication, alongside granular p
Read the JWT token from a configurable HTTP header instead of a query parameter for more secure authentication.
Dragonfly is a peer-to-peer file distribution system designed to accelerate large-scale file and container image delivery across clusters. It splits files into small pieces that peers exchange independently, enabling parallel downloads from multiple sources while a central scheduler assigns parent peers based on real-time load metrics. The system integrates with existing tools through an HTTP proxy interface and uses gRPC for internal communication between peers and the scheduler. The system distinguishes itself through automatic integrity verification at the piece level, ensuring every downl
Accepts standard HTTP header fields to pass authentication credentials when fetching files from the source.
Tinyproxy 是一个专为 POSIX 操作系统设计的轻量级 HTTP 和 HTTPS 代理守护进程。它作为一个系统级网络代理,以最小的资源开销管理 Web 流量。 该项目支持多种路由模式,包括用于将请求转发到后端服务器的反向代理,以及用于在无需客户端配置的情况下拦截网络流量的透明代理。它还包括一个头过滤器,用于修改或阻止特定的 HTTP 头以保护隐私和安全。 该软件结合了基于客户端子网的网络访问控制和协议过滤。为了系统安全,它实现了权限降级,在绑定到端口后以非特权用户身份运行。其他功能包括用于管理服务器和客户端之间速度差异的响应缓冲,以及用于监控代理统计信息的远程接口。
Provides capabilities to add, remove, or modify HTTP request and response headers for privacy and security.
TypeSpec is a language for defining cloud API shapes and generating OpenAPI, JSON Schema, and client/server code from a single source of truth. It functions as a protocol-agnostic API designer that models REST, gRPC, and other API protocols using a unified, extensible syntax, with a decorator-based metadata system for attaching metadata, validation rules, and lifecycle visibility to API models and operations. The compiler produces OpenAPI 3.0 specifications and other artifacts, and the tool supports declaring API versions and tracking changes to models, properties, and operations across releas
Provides a decorator-based system for configuring HTTP header parameter options in API definitions.
SpringSide 4 is an enterprise Java reference architecture and utility library built on the Spring Framework. It provides a pragmatic, best-practice application stack for building RESTful web services, web applications, and data access layers, along with a curated collection of high-performance utility classes for common operations like text, date, collection, reflection, concurrency, and I/O handling. The project distinguishes itself by combining a complete reference application scaffold with production-oriented infrastructure. It includes a JPA-based data access layer that automatically tran
Provides a utility for attaching authentication tokens to HTTP requests via a fluent client.
PartyKit is a serverless WebSocket backend platform for building real-time multiplayer applications. It provides a globally distributed edge computing runtime that runs stateful server code close to users, with automatic scaling and hibernation for idle rooms. The platform handles WebSocket connections, HTTP requests, and durable storage without requiring infrastructure management, and includes a client and server SDK with hooks, storage, and Yjs integration for building collaborative features. The platform distinguishes itself through per-room isolation using Durable Objects, where each uniq
Verifies user identity on incoming HTTP requests by checking a session token in an Authorization header.
django-cors-headers 是一个 Django 中间件,用于管理跨域资源共享(CORS)标头,以控制哪些外部域可以访问服务器资源。它作为一个安全组件,通过来源验证和标头管理来强制执行访问控制策略。 该项目提供了使用主机名或正则表达式进行来源白名单的功能,并支持本地网络访问规范以允许来自私有网络的请求。它允许通过基于路径的限制和由信号系统驱动的动态来源验证进行细粒度控制。 该软件涵盖了更广泛的安全和性能领域,包括凭据管理、请求过滤和响应标头暴露控制。它还通过将来源添加到 Vary 标头来管理缓存协调,以防止不同跨域请求之间的内容冲突。
Prevents cache collisions between different cross-origin requests by adding the Origin header to the Vary response.
Medium Unlimited 是一个浏览器扩展和 Web 内容解锁器,旨在移除发布平台上的会员限制和订阅限制。它作为一个基于浏览器的文章解锁器,允许阅读跨多个域名的付费内容。 该工具利用搜索引擎集成来识别文章的存档或镜像版本,并自动重定向到全文链接。它将这些重定向与在原始文章被锁定时定位外部发布者内容的能力相结合。 该项目通过文档对象模型(DOM)操作隐藏会员覆盖层,并通过修改请求头来模拟搜索引擎爬虫,从而实现内容访问。它采用基于模式的域名和 URL 匹配来触发这些绕过工作流。
Modifies HTTP request headers to mimic search engine crawlers and bypass server-side restrictions.
本项目是一个数字图书馆导出器和 EPUB 内容生成器,专门用于从 O'Reilly Learning 平台下载书籍并将其转换为电子出版物文件,以供离线阅读和永久存储。它作为一个 Web 内容抓取工具,检索受限的文本和媒体,以促进数字图书馆归档。 该工具使用凭据或 Cookie 管理会话身份验证,以保持对内容的持续访问。它通过唯一标识符检索书籍,并将源材料转换为标准化的 EPUB 文件,包括布局优化,以确保表格和元素在各种电子阅读设备上的兼容性。
Attaches authentication tokens to outgoing HTTP headers to ensure requests are authorized by the target platform.
Yii 是一个全栈 PHP Web 框架和基于组件的系统,专为构建动态网站和 RESTful 服务而设计。它作为 MVC 应用程序框架运行,将业务逻辑与用户界面分离,并包含一个用于与数据库交互的内置对象关系映射器。 该项目提供了一套全面的命令行工具集,用于项目引导、自动化代码生成和后台任务执行。它利用基于组件的架构和服务定位器来管理依赖注入和对象生命周期。 该框架涵盖了广泛的功能领域,包括模式迁移和版本控制、基于角色的身份管理以及内容本地化。它还具有多种缓存策略,例如片段缓存、查询缓存和全页缓存,并支持基于依赖的失效。其他系统工具包括软件测试框架、事件日志记录和请求速率限制。
Manages browser caching behavior via standard HTTP headers to reduce redundant server rendering.
这是一个用于 Django REST Framework 的 JSON Web Token (JWT) 身份验证包,用于管理无状态用户身份。它作为一个身份验证提供程序和令牌管理器,用于签发和验证签名令牌,以在多个请求中维护用户会话。 该项目实现了双令牌生命周期,签发短期的访问令牌和长期的刷新令牌,以平衡安全性和会话持久性。它具有令牌轮换功能以防止重放攻击,以及用于使受损凭据失效的黑名单系统。此外,它支持滑动窗口过期以自动延长活动会话,并允许自定义身份声明,将用户元数据直接嵌入到令牌负载中。 该系统提供了使用对称和非对称算法进行令牌签名的全面功能,以及无需数据库查询即可验证身份的加密验证。它还包括对 OpenAPI 安全方案的集成,以记录基于令牌的身份验证要求,以及用于清理过期令牌的数据库工具。
Configures the HTTP headers used to transmit authentication tokens in API requests.
AdguardFilters is a collection of curated adblock filter lists, content blocking rulesets, and DNS blocklists. Its primary purpose is to provide the rules necessary to identify and remove advertisements, tracking scripts, and intrusive elements across web browsers and applications. The project includes specialized rules for cosmetic filtering to hide layout gaps and a malware domain database to block phishing and spyware destinations. It provides distinct filtering sets for different regions and purposes, such as social media blocking. The repository covers broad capability areas including m
Allows for the removal of specific headers and modification of Referrer and Content Security Policies.